CVE-2015-7289 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Arris	Na Model 862 Gw Mono Firmware	ts070593c_073013
Arris	Dg860A	All versions
Arris	Tg862A	All versions
Arris	Tg862G	All versions

Related Weaknesses (CWE)

CWE-255

References

http://www.kb.cert.org/vuls/id/419568Third Party AdvisoryUS Government Resource
http://www.kb.cert.org/vuls/id/419568Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-7289?

CVE-2015-7289 is a vulnerability with a CVSS score of 9.3 (HIGH). Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote...

How severe is CVE-2015-7289?

CVE-2015-7289 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7289?

Check the references section above for vendor advisories and patch information. Affected products include: Arris Na Model 862 Gw Mono Firmware, Arris Dg860A, Arris Tg862A, Arris Tg862G.